Prosííííím o kontrolu logu

Příspěvekod **fredik** » 06 říj 2007 13:57

Combofix co jsi před chvílí stáhl na plochu tak ho smaž a stáhni si ho znovu zde a vlož sem log který se ti zobrazí po proběhnutí programu.

Reklama

PECHY15 · Příspěvekod **PECHY15** » 06 říj 2007 15:11

Tady je ten log. Psalo mi to nějake chyby,ale snad to nevadí.

ComboFix 07-10-06.3 - PECHY 2007-10-06 14:50:22.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.413 [GMT 2:00]
Running from: C:\Documents and Settings\PECHY.JINDüICHPECHAL\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\companion wizard
C:\Program Files\Common Files\companion wizard\compwiz.exe
C:\Program Files\Common Files\companion wizard\log.txt
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll
C:\Program Files\Common Files\Companion Wizard\WapCHK{02077A1F-F869-472C-BD20-07663B2B1511}.dll
C:\Program Files\iMeshBar
C:\Program Files\iMeshBar\bar\Cache\002520D2
C:\Program Files\iMeshBar\bar\Cache\0039483E.bin
C:\Program Files\iMeshBar\bar\Cache\00394F63.bmp
C:\Program Files\iMeshBar\bar\Cache\003958C9.bmp
C:\Program Files\iMeshBar\bar\Cache\013EC3A3
C:\Program Files\iMeshBar\bar\Cache\01433361
C:\Program Files\iMeshBar\bar\Cache\files.ini
C:\Program Files\iMeshBar\bar\History\search
C:\Program Files\iMeshBar\bar\Settings\prevcfg.htm
C:\Program Files\Win Stream plugin
C:\Program Files\Win Stream plugin\basis.xml
C:\Program Files\Win Stream plugin\download.html
C:\Program Files\Win Stream plugin\icons.bmp_16.bmp
C:\Program Files\Win Stream plugin\tbhelper.dll
C:\Program Files\Win Stream plugin\tbu317\basis.xml
C:\Program Files\Win Stream plugin\tbu317\Cache\815dbd2ede4878fd25d37fe37f5d968c
C:\Program Files\Win Stream plugin\tbu317\download.html
C:\Program Files\Win Stream plugin\tbu317\icons.bmp_16.bmp
C:\Program Files\Win Stream plugin\tbu317\popup.html
C:\Program Files\Win Stream plugin\tbu317\version.txt
C:\Program Files\Win Stream plugin\tbu317\win_stream_plugin.crc
C:\Program Files\Win Stream plugin\tbu317\win_stream_plugin.dll
C:\Program Files\Win Stream plugin\tbu317\win_stream_plugin.inf
C:\Program Files\Win Stream plugin\version.txt
C:\Program Files\Win Stream plugin\win_stream_plugin.crc
C:\Program Files\Win Stream plugin\win_stream_plugin.dll
C:\WA6P
C:\WINDOWS\cookies.ini
C:\WINDOWS\dat.txt
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\auto.exe
C:\WINDOWS\system32\awvts.dll
C:\WINDOWS\system32\ddcaaxw.dll
C:\WINDOWS\system32\jkkiigg.dll
C:\WINDOWS\system32\pmnmklk.dll
C:\WINDOWS\system32\qynudkst.ini
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\stvwa.bak1
C:\WINDOWS\system32\stvwa.bak2
C:\WINDOWS\system32\stvwa.ini
C:\WINDOWS\system32\tskdunyq.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_FOPN
-------\LEGACY_VSPF
-------\LEGACY_VSPF_HK
-------\vspf
-------\vspf_hk

((((((((((((((((((((((((( Files Created from 2007-09-06 to 2007-10-06 )))))))))))))))))))))))))))))))
.

2007-10-06 13:15 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-06 12:17 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-06 12:17 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-06 12:17 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-04 17:46 1 --a------ C:\WINDOWS\system32\rc.dat
2007-10-04 17:46 1 --a------ C:\WINDOWS\system32\ps1.dat
2007-10-04 17:46 1 --a------ C:\WINDOWS\system32\cookie1.dat
2007-10-04 17:29 7,388 --a------ C:\xxbrek.exe
2007-10-04 17:29 52,224 --a------ C:\WINDOWS\system32\btasv.dll
2007-10-04 17:29 40,832 --a------ C:\WINDOWS\system32\conf.dat
2007-10-04 17:29 28,160 --a------ C:\pspw.exe
2007-10-04 17:29 158,464 --a------ C:\WINDOWS\system32\438fc9ee.sys
2007-10-03 15:44 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-10-03 15:30 <DIR> d-------- C:\Program Files\Hide Real IP
2007-10-02 17:23 <DIR> dr------- C:\Documents and Settings\mohaa\Oblˇben‚ polo§ky
2007-10-02 17:23 <DIR> dr------- C:\Documents and Settings\mohaa\Dokumenty
2007-10-02 17:23 <DIR> d--h----- C:\Documents and Settings\mohaa\ćablony
2007-10-02 17:23 <DIR> d--h----- C:\Documents and Settings\mohaa\Okolnˇ tisk rny
2007-10-02 17:23 <DIR> d--h----- C:\Documents and Settings\mohaa\Okolnˇ sˇś
2007-10-02 17:23 <DIR> d--h----- C:\Documents and Settings\mohaa\Data aplikacˇ
2007-10-02 17:23 <DIR> d-------- C:\Documents and Settings\mohaa\WINDOWS
2007-10-02 17:23 <DIR> d-------- C:\Documents and Settings\mohaa\Plocha
2007-10-02 17:23 <DIR> d-------- C:\Documents and Settings\mohaa\Nabˇdka Start
2007-10-01 17:55 <DIR> d-------- C:\Program Files\PQDVD
2007-09-27 17:08 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-09-21 15:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-09-16 12:35 <DIR> d-------- C:\Program Files\QuickTime
2007-09-16 12:35 <DIR> d-------- C:\Program Files\ImTOO
2007-09-15 20:10 <DIR> d-------- C:\Program Files\A-one 3GP Video Converter
2007-09-15 13:20 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-09-13 20:02 5,888 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-13 20:02 127,488 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-13 19:59 <DIR> d-------- C:\Program Files\AskTBar
2007-09-13 19:59 <DIR> d-------- C:\Program Files\Ahead
2007-09-11 12:05 <DIR> d-------- C:\Program Files\01-mp3search

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 13:49 --------- d-------- C:\Program Files\Spyware Terminator
2007-10-06 06:55 --------- d-------- C:\Program Files\RegVac Registry Cleaner
2007-10-05 19:23 --------- d-------- C:\Program Files\GameSpy Arcade
2007-10-04 17:29 --------- d-------- C:\Program Files\Common Files\soft602
2007-10-01 10:44 --------- d-------- C:\Program Files\ICQToolbar
2007-09-21 15:24 --------- d-------- C:\Program Files\GamePark
2007-09-13 19:59 --------- d-------- C:\Program Files\Ahead- Nero
2007-09-04 23:05 --------- d-------- C:\Program Files\SpeedFan
2007-09-03 13:42 --------- d-------- C:\Program Files\ZOO Digital Publishing
2007-08-24 13:15 --------- d-------- C:\Program Files\Disc2Phone
2007-08-24 12:52 --------- d-------- C:\Program Files\Common Files\Teleca Shared
2007-08-24 12:52 --------- d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2007-08-24 12:51 --------- d-------- C:\Program Files\Sony Ericsson
2007-08-23 14:14 --------- d-------- C:\Program Files\XVideoConverter
2007-08-17 17:30 --------- d-------- C:\Program Files\ICQLite
2007-08-11 16:21 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-08-11 13:01 --------- d-------- C:\Program Files\SpeedCarnage
2007-08-09 15:06 --------- d-------- C:\Program Files\Eidos Interactive
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-05-26 15:15 6010880 --a------ C:\Documents and Settings\Guest\icq5_1_Atlas.exe
2007-01-01 20:26 40006376 --a------ C:\Program Files\ec_602pcsuite41.exe
2006-06-27 20:56 138 --a--c--- C:\Program Files\INSTALL.LOG
2005-09-22 17:53 718336 --a------ C:\Program Files\ABBYY FineReader 8.0 Professional Edition.msi
2005-09-21 07:54 3584 --a------ C:\Program Files\1033.mst
2005-09-21 07:54 154624 --a------ C:\Program Files\1049.mst
2005-09-20 23:59 360 --a------ C:\Program Files\setup.ini
2005-09-20 20:38 356352 --a------ C:\Program Files\setup.exe
2003-04-21 15:09 245408 --a------ C:\Program Files\unicows.dll
2002-03-11 12:06 1822520 --a------ C:\Program Files\instmsiW.exe
2001-11-23 06:08 712704 -ra--c--- C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2005-07-27 21:11:31 56 -csha-r C:\WINDOWS\system32\E5753A6A96.sys
2005-11-02 15:47:05 10,856 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00404}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0CBF6F9-4471-4257-ABC4-BCE4EF2ED5ED}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2004-07-13 02:50 C:\WINDOWS\system32\nwiz.exe]
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 C:\WINDOWS\mixer.exe]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 21:44]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-13 02:50]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 13:18]
"xvid start"="%windir%\xvid.bat" []
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-09-27 08:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 10:44]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 16:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwil32]
winwil32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awvts.dll

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S2 ArcGIS License Manager;ArcGIS License Manager;C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
S2 USBBC;USB Bridge Cable (Windows 2000);C:\WINDOWS\system32\USBBC20.sys
S3 genmcmn;Genius NetScroll Wireless Mouse Driver;C:\WINDOWS\system32\DRIVERS\gmfiltr.sys
S3 RegVacService;RegVac Registry Service;C:\Program Files\RegVac Registry Cleaner\RegVserv.exe
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE27bus.sys
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE27mdm.sys
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS);C:\WINDOWS\system32\DRIVERS\se27nd5.sys
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE27obex.sys
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM);C:\WINDOWS\system32\DRIVERS\se27unic.sys
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule

.
Contents of the 'Scheduled Tasks' folder
"2007-01-17 12:20:34 C:\WINDOWS\Tasks\Aplikace Norton AntiVirus - Prověřit tento počítač - Jindra.job"
"2006-10-11 18:29:16 C:\WINDOWS\Tasks\Aplikace Norton AntiVirus - Prověřit tento počítač - tatulda.job"
"2007-10-05 18:00:00 C:\WINDOWS\Tasks\Aplikace Norton AntiVirus - Prověřit tento počítač.job"
"2006-11-25 16:22:50 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-06 15:07:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-06 15:10:06
C:\ComboFix-quarantined-files.txt ... 2007-10-06 15:09
.
--- E O F ---

Příspěvekod **fredik** » 06 říj 2007 17:20

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

File::
C:\WINDOWS\system32\rc.dat
C:\WINDOWS\system32\ps1.dat
C:\WINDOWS\system32\cookie1.dat
C:\xxbrek.exe
C:\WINDOWS\system32\btasv.dll
C:\WINDOWS\system32\conf.dat
C:\pspw.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00404}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0CBF6F9-4471-4257-ABC4-BCE4EF2ED5ED}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwil32]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Zvol možnost Uložit soubor jako, pojmenuj soubor CFScript.txt a zvol Uložit jako typ: Všechny soubory.
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť
Obrázek

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Nech zkontrolovat tady tyto dva soubory na Virustotal
C:\WINDOWS\system32\438fc9ee.sys
a
C:\WINDOWS\system32\E5753A6A96.sys
a dej se výsledky. Pro nelezení uvedených souborů si budeš muset zapnout zobrazení skrytých souborů a složek. Pokud by jsi ty soubory nemohl najít tak zkopíruj do volného řádku (vedle tlačítka Procházet) celou cestu k souboru a nechej je otestovat.

Dej sem pak zároveň nový log z HJT

PECHY15 · Příspěvekod **PECHY15** » 07 říj 2007 19:25

Chci se zeptat v jakém kódování mám uložit ten txt.

Tady jsou ty výsledky:

Soubor 438fc9ee.sys přijatý 2007.10.07 19:14:21 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO

Výsledek: 1/32 (3.13%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 7.
Odhadovaný čas začátku mezi 65 a 93 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2007.10.6.0 2007.10.05 -
AntiVir 7.6.0.20 2007.10.05 -
Authentium 4.93.8 2007.10.05 -
Avast 4.7.1051.0 2007.10.06 -
AVG 7.5.0.488 2007.10.07 -
BitDefender 7.2 2007.10.07 -
CAT-QuickHeal 9.00 2007.10.06 -
ClamAV 0.91.2 2007.10.07 -
DrWeb 4.44.0.09170 2007.10.07 -
eSafe 7.0.15.0 2007.10.07 -
eTrust-Vet 31.2.5190 2007.10.06 -
Ewido 4.0 2007.10.07 -
FileAdvisor 1 2007.10.07 -
Fortinet 3.11.0.0 2007.10.07 -
F-Prot 4.3.2.48 2007.10.06 -
F-Secure 6.70.13030.0 2007.10.06 -
Ikarus T3.1.1.12 2007.10.07 -
Kaspersky 7.0.0.125 2007.10.07 -
McAfee 5135 2007.10.05 -
Microsoft 1.2908 2007.10.07 -
NOD32v2 2576 2007.10.07 -
Norman 5.80.02 2007.10.05 -
Panda 9.0.0.4 2007.10.07 -
Prevx1 V2 2007.10.07 -
Rising 19.43.60.00 2007.10.07 -
Sophos 4.22.0 2007.10.07 -
Sunbelt 2.2.907.0 2007.10.06 -
Symantec 10 2007.10.07 -
TheHacker 6.2.6.079 2007.10.07 -
VBA32 3.12.2.4 2007.10.07 -
VirusBuster 4.3.26:9 2007.10.06 -
Webwasher-Gateway 6.0.1 2007.10.05 Win32.Malware.gen!82 (suspicious)
Rozšiřující informace
File size: 158464 bytes
MD5: 8787b4a630aa7e100a7dac4f589c5661
SHA1: 88cfa06929783f21e2b11b040e90e788bc39395e

A tady je ten druhý:

Soubor E5753A6A96.sys přijatý 2007.10.07 19:20:33 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO

Výsledek: 0/32 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 7.
Odhadovaný čas začátku mezi 65 a 93 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2007.10.6.0 2007.10.05 -
AntiVir 7.6.0.20 2007.10.05 -
Authentium 4.93.8 2007.10.05 -
Avast 4.7.1051.0 2007.10.06 -
AVG 7.5.0.488 2007.10.07 -
BitDefender 7.2 2007.10.07 -
CAT-QuickHeal 9.00 2007.10.06 -
ClamAV 0.91.2 2007.10.07 -
DrWeb 4.44.0.09170 2007.10.07 -
eSafe 7.0.15.0 2007.10.07 -
eTrust-Vet 31.2.5190 2007.10.06 -
Ewido 4.0 2007.10.07 -
FileAdvisor 1 2007.10.07 -
Fortinet 3.11.0.0 2007.10.07 -
F-Prot 4.3.2.48 2007.10.06 -
F-Secure 6.70.13030.0 2007.10.06 -
Ikarus T3.1.1.12 2007.10.07 -
Kaspersky 7.0.0.125 2007.10.07 -
McAfee 5135 2007.10.05 -
Microsoft 1.2908 2007.10.07 -
NOD32v2 2576 2007.10.07 -
Norman 5.80.02 2007.10.05 -
Panda 9.0.0.4 2007.10.07 -
Prevx1 V2 2007.10.07 -
Rising 19.43.60.00 2007.10.07 -
Sophos 4.22.0 2007.10.07 -
Sunbelt 2.2.907.0 2007.10.06 -
Symantec 10 2007.10.07 -
TheHacker 6.2.6.079 2007.10.07 -
VBA32 3.12.2.4 2007.10.07 -
VirusBuster 4.3.26:9 2007.10.06 -
Webwasher-Gateway 6.0.1 2007.10.05 -
Rozšiřující informace
File size: 56 bytes
MD5: daccd40e7fe4734de7da4b8f84fa3c3e
SHA1: ad3e8d19d30de1aabaa056c2b68657431c1aa312

Příspěvekod **fredik** » 07 říj 2007 20:16

Žádný kódování nikde nenastavuj. Otevři si Poznámkový blok a vlož tam co jsem napsal a ulož to jak bylo napsané a proveď akci s Combofixem.

Nech tam nastavené to co tam je po spuštění Poznámkového bloku, tuším že to je ANSI

PECHY15 · Příspěvekod **PECHY15** » 07 říj 2007 20:34

Takže tady je log z ComboFIX:

ComboFix 07-10-06.3 - PECHY 2007-10-07 20:23:48.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.445 [GMT 2:00]
Running from: C:\Documents and Settings\PECHY.JINDüICHPECHAL\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\PECHY.JINDüICHPECHAL\Plocha\CFScript.txt
* Created a new restore point

FILE::
C:\pspw.exe
C:\WINDOWS\system32\btasv.dll
C:\WINDOWS\system32\conf.dat
C:\WINDOWS\system32\cookie1.dat
C:\WINDOWS\system32\ps1.dat
C:\WINDOWS\system32\rc.dat
C:\xxbrek.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\pspw.exe
C:\WINDOWS\system32\btasv.dll
C:\WINDOWS\system32\conf.dat
C:\WINDOWS\system32\cookie1.dat
C:\WINDOWS\system32\ps1.dat
C:\WINDOWS\system32\rc.dat
C:\xxbrek.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-07 to 2007-10-07 )))))))))))))))))))))))))))))))
.

2007-10-06 13:15 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-06 12:17 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-06 12:17 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-06 12:17 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-04 17:29 158,464 --a------ C:\WINDOWS\system32\438fc9ee.sys
2007-10-03 15:44 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-10-03 15:30 <DIR> d-------- C:\Program Files\Hide Real IP
2007-10-02 17:23 <DIR> dr------- C:\Documents and Settings\mohaa\Oblˇben‚ polo§ky
2007-10-02 17:23 <DIR> dr------- C:\Documents and Settings\mohaa\Dokumenty
2007-10-02 17:23 <DIR> d--h----- C:\Documents and Settings\mohaa\ćablony
2007-10-02 17:23 <DIR> d--h----- C:\Documents and Settings\mohaa\Okolnˇ tisk rny
2007-10-02 17:23 <DIR> d--h----- C:\Documents and Settings\mohaa\Okolnˇ sˇś
2007-10-02 17:23 <DIR> d--h----- C:\Documents and Settings\mohaa\Data aplikacˇ
2007-10-02 17:23 <DIR> d-------- C:\Documents and Settings\mohaa\WINDOWS
2007-10-02 17:23 <DIR> d-------- C:\Documents and Settings\mohaa\Plocha
2007-10-02 17:23 <DIR> d-------- C:\Documents and Settings\mohaa\Nabˇdka Start
2007-10-01 17:55 <DIR> d-------- C:\Program Files\PQDVD
2007-09-27 17:08 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-09-21 15:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-09-16 12:35 <DIR> d-------- C:\Program Files\QuickTime
2007-09-16 12:35 <DIR> d-------- C:\Program Files\ImTOO
2007-09-15 20:10 <DIR> d-------- C:\Program Files\A-one 3GP Video Converter
2007-09-15 13:20 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-09-13 20:02 5,888 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-13 20:02 127,488 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-13 19:59 <DIR> d-------- C:\Program Files\AskTBar
2007-09-13 19:59 <DIR> d-------- C:\Program Files\Ahead
2007-09-11 12:05 <DIR> d-------- C:\Program Files\01-mp3search

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-07 08:44 --------- d-------- C:\Program Files\Spyware Terminator
2007-10-07 07:51 --------- d-------- C:\Program Files\RegVac Registry Cleaner
2007-10-06 15:11 --------- d-------- C:\Program Files\ICQToolbar
2007-10-05 19:23 --------- d-------- C:\Program Files\GameSpy Arcade
2007-10-04 17:29 --------- d-------- C:\Program Files\Common Files\soft602
2007-09-21 15:24 --------- d-------- C:\Program Files\GamePark
2007-09-13 19:59 --------- d-------- C:\Program Files\Ahead- Nero
2007-09-04 23:05 --------- d-------- C:\Program Files\SpeedFan
2007-09-03 13:42 --------- d-------- C:\Program Files\ZOO Digital Publishing
2007-08-24 13:15 --------- d-------- C:\Program Files\Disc2Phone
2007-08-24 12:52 --------- d-------- C:\Program Files\Common Files\Teleca Shared
2007-08-24 12:52 --------- d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2007-08-24 12:51 --------- d-------- C:\Program Files\Sony Ericsson
2007-08-23 14:14 --------- d-------- C:\Program Files\XVideoConverter
2007-08-17 17:30 --------- d-------- C:\Program Files\ICQLite
2007-08-11 16:21 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-08-11 13:01 --------- d-------- C:\Program Files\SpeedCarnage
2007-08-09 15:06 --------- d-------- C:\Program Files\Eidos Interactive
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-05-26 15:15 6010880 --a------ C:\Documents and Settings\Guest\icq5_1_Atlas.exe
2007-01-01 20:26 40006376 --a------ C:\Program Files\ec_602pcsuite41.exe
2006-06-27 20:56 138 --a--c--- C:\Program Files\INSTALL.LOG
2005-09-22 17:53 718336 --a------ C:\Program Files\ABBYY FineReader 8.0 Professional Edition.msi
2005-09-21 07:54 3584 --a------ C:\Program Files\1033.mst
2005-09-21 07:54 154624 --a------ C:\Program Files\1049.mst
2005-09-20 23:59 360 --a------ C:\Program Files\setup.ini
2005-09-20 20:38 356352 --a------ C:\Program Files\setup.exe
2003-04-21 15:09 245408 --a------ C:\Program Files\unicows.dll
2002-03-11 12:06 1822520 --a------ C:\Program Files\instmsiW.exe
2001-11-23 06:08 712704 -ra--c--- C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2005-07-27 21:11:31 56 -csha-r C:\WINDOWS\system32\E5753A6A96.sys
2005-11-02 15:47:05 10,856 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2004-07-13 02:50 C:\WINDOWS\system32\nwiz.exe]
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 C:\WINDOWS\mixer.exe]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 21:44]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-13 02:50]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 13:18]
"xvid start"="%windir%\xvid.bat" []
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-09-27 08:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 10:44]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 16:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S2 ArcGIS License Manager;ArcGIS License Manager;C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
S2 USBBC;USB Bridge Cable (Windows 2000);C:\WINDOWS\system32\USBBC20.sys
S3 genmcmn;Genius NetScroll Wireless Mouse Driver;C:\WINDOWS\system32\DRIVERS\gmfiltr.sys
S3 RegVacService;RegVac Registry Service;C:\Program Files\RegVac Registry Cleaner\RegVserv.exe
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE27bus.sys
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE27mdm.sys
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS);C:\WINDOWS\system32\DRIVERS\se27nd5.sys
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE27obex.sys
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM);C:\WINDOWS\system32\DRIVERS\se27unic.sys
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule

.
Contents of the 'Scheduled Tasks' folder
"2007-01-17 12:20:34 C:\WINDOWS\Tasks\Aplikace Norton AntiVirus - Prověřit tento počítač - Jindra.job"
"2006-10-11 18:29:16 C:\WINDOWS\Tasks\Aplikace Norton AntiVirus - Prověřit tento počítač - tatulda.job"
"2007-10-05 18:00:00 C:\WINDOWS\Tasks\Aplikace Norton AntiVirus - Prověřit tento počítač.job"
"2006-11-25 16:22:50 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-07 20:28:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-07 20:30:53 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-07 20:30
C:\ComboFix2.txt ... 2007-10-06 15:10
.
--- E O F ---

A tady je log z HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:31, on 2007-10-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SEC\MagicTune 2.5\GammaTray.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\PECHY.JINDŘICHPECHAL\Plocha\Hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [xvid start] %windir%\xvid.bat
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: RegVac.lnk = C:\Program Files\RegVac Registry Cleaner\regvac.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Britanik - {479BEE90-08C0-44fa-AE28-06BA96963B5B} - C:\Program Files\Britanik\britanik.dll
O9 - Extra 'Tools' menuitem: Britanik - {479BEE90-08C0-44fa-AE28-06BA96963B5B} - C:\Program Files\Britanik\britanik.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: CW App KB R9 - https://www.mojebanka.cz/jars/cwapp.cab
O16 - DPF: GEMINI IBS 32 GEMB Applet Security - https://ib.internetbanka.cz/ibs31/bin/I ... .3.0.0.cab
O16 - DPF: GEMINI IBS 32 GEMB Applet Utilities - https://ib.internetbanka.cz/ibs31/bin/I ... .99.99.cab
O16 - DPF: IB App KB R9 - https://www.mojebanka.cz/jars/ibapp.cab
O16 - DPF: KTPro SP KB R9 - https://www.mojebanka.cz/jars/ktpsp.cab
O16 - DPF: SH App KB R9 - https://www.mojebanka.cz/jars/shapp.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://www.portalzp.cz/obj/Signer.cab
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {702B8921-6171-4375-A8DA-474D4054B8CA} (ICAEnroll Class) - https://download.ica.cz/ICAEnroll.dll
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/softwar ... launch.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0915ADC-3B61-47B0-9226-7185CE634D48}: NameServer = 62.40.68.2,195.129.12.83
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Služba Auto Protect aplikace Norton AntiVirus (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegVac Registry Service (RegVacService) - Super Win Software, Inc. - C:\Program Files\RegVac Registry Cleaner\RegVserv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\WINDOWS\

--
End of file - 10985 bytes

Příspěvekod **fredik** » 10 říj 2007 12:14

Pokud nutně nepotřebuješ tak odinstaluj přes Přidat nebo odebrat programy:
Ask Toolbar a Megaupload Toolbar

fixni v HJT tyto položky:
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [xvid start] %windir%\xvid.bat
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

pokud odinstaluješ ty dva zmíněné programy tak ještě fixni v HJT tyto položky:
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

Vzhledem k tomu že tam máš jen pozůstatky, použij Norton Removal Tool na jejich odstranění.

Pak si tam nainstaluj Antivir, protože tam žádný momentálně nemáš.
Dej sem pak nový log z HJT.

PECHY15 · Příspěvekod **PECHY15** » 11 říj 2007 15:17

Počítač mi začal při spouštění psát hlášku v modrém okně o potížích a že musel být z bezpečnostních důvodů ukončen windows.
Píše Technické Informace:

***STOP:0x0000003F(0x00000000,0x00001FEF,0x00009F9F,0x0000CC87)

Po doběhnutí kontroly RAM do 100 se restartuje a dělá to samé znovu.

Občas to přestane dělat a spustí mi windows.

Co mám dělat??

PECHY15 · Příspěvekod **PECHY15** » 11 říj 2007 15:26

Tady je nový log z hijackthis, ale zdáse mi že ty první 3 to vůbec neodstranilo.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:27, on 10.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SEC\MagicTune 2.5\GammaTray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\mohaa\Plocha\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [xvid start] %windir%\xvid.bat
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Britanik - {479BEE90-08C0-44fa-AE28-06BA96963B5B} - C:\Program Files\Britanik\britanik.dll
O9 - Extra 'Tools' menuitem: Britanik - {479BEE90-08C0-44fa-AE28-06BA96963B5B} - C:\Program Files\Britanik\britanik.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: BSC Business Objects - https://ra.internetbanka.cz/ra31/bin/bu ... .99.99.cab
O16 - DPF: BSC Java Components Library - https://ra.internetbanka.cz/ra31/bin/jc ... .99.99.cab
O16 - DPF: CW App KB R9 - https://www.mojebanka.cz/jars/cwapp.cab
O16 - DPF: GEMINI IBS 32 GEMB Applet Security - https://ib.internetbanka.cz/ibs31/bin/I ... .3.0.0.cab
O16 - DPF: GEMINI IBS 32 GEMB Applet Utilities - https://ib.internetbanka.cz/ibs31/bin/I ... .99.99.cab
O16 - DPF: IB App KB R9 - https://www.mojebanka.cz/jars/ibapp.cab
O16 - DPF: KTPro SP KB R9 - https://www.mojebanka.cz/jars/ktpsp.cab
O16 - DPF: SH App KB R9 - https://www.mojebanka.cz/jars/shapp.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://www.portalzp.cz/obj/Signer.cab
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {702B8921-6171-4375-A8DA-474D4054B8CA} (ICAEnroll Class) - https://download.ica.cz/ICAEnroll.dll
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/softwar ... launch.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0915ADC-3B61-47B0-9226-7185CE634D48}: NameServer = 62.40.68.2,195.129.12.83
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Služba Auto Protect aplikace Norton AntiVirus (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegVac Registry Service (RegVacService) - Super Win Software, Inc. - C:\Program Files\RegVac Registry Cleaner\RegVserv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\WINDOWS\

--
End of file - 10279 bytes

PECHY15 · Příspěvekod **PECHY15** » 12 říj 2007 16:42

Tak už mi teď to modre okno vyskakuje pořád a počítač mi jde spustit pouze v nouzovém režimu.

Prosíííííím pomozte mi nevím co mám dělat.

Prosííííím o kontrolu logu

Kdo je online